Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.

Adobe has released bug and security updates for Adobe Flash Player, Adobe AIR and Shockwave Player for Windows, Macintosh and Linux.

With today's Windows Update, Internet Explorer 10 and 11 in Windows 8 and Windows 8.1 are also updated. Windows RT must obtain the update from Windows Update. Google Chrome will be automatically updated.

Update Information

The newest versions are as follows:

Windows and Macintosh: 11.9.900.170
Linux: 11.2.202.332

Adobe AIR: 3.9.0.1380

Flash Player Update Instructions

Warning: Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive. If you use the download center, uncheck any unnecessary extras.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want. Any pre-checked option is not needed for the Flash Player update.

Uncheck any toolbar offered with Adobe products if not wanted.

If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.

The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player
12.0.2.122 and earlier versions on the Windows and Macintosh operating
systems.

This update addresses vulnerabilities that could allow an
attacker, who successfully exploits these vulnerabilities, to run
malicious code on the affected system.
Although I have yet to need Shockwave Player on this computer, there are
still many people who use it. If you have Shockwave Player installed,
please update to the latest version.

Mozilla sent Firefox Version 26.0 to the release channel. At the time of this posting, no security fixes for this version have been listed in the Security Advisories page. However, the default for Java plug-ins to "click to play" is a welcome change as is script-generated password fields.

Update: The security updates have now been posted. Version 26.0 includes five (5) critical, three (3) high, three (3) moderate, and three (3) low security updates.

Reminder

As happens each month, Microsoft will also release an updated version of
the Microsoft Windows Malicious Software Removal Tool on Windows
Update, Microsoft Update, Windows Server Update Services, and the
Download Center.

Friday, November 29, 2013

If you have not yet upgraded to Malwarebytes Anti-Malware Pro or need a special gift for a friend, now is the time to act. Malwarebytes is having a limited-time sale that is just too good to pass up.

Today through December 2, 2013, a lifetime license of Malwarebytes Anti-Malware Pro is only $14.95 USD for a lifetime license! That is a 40 percent discount off the regular price of $24.95, which is already a bargain for a lifetime license.

Reminder: Malwarebytes is an anti-malware software program so you still need an antivirus software.

Malwarebytes Anti-Malware PRO Features

Detects, blocks and quarantines spyware, adware and other threats in true real time

Protection from malicious links, harmful websites and malware servers

Kills browser hijackers, removes rootkits, prevents botnet attacks

On-demand & automatic malware scanning

Updates automatically for optimal protection

FREE unlimited customer support via email

Support for XP Service Pack 2, Vista, Windows 7, and Windows 8 (32-bit and 64-bit)

Wednesday, November 27, 2013

If you are planning on shopping online to take advantage of the Black Friday and Cyber Monday sales, be sure to shop safely.

The Safety Tips for Online Shopping written a couple of years ago are still applicable. Be sure to check the "Tips" section for money-saving tips that may result in additional savings when you shop online.

Remember - "A day without laughter is a day wasted."May the wind sing to you and the sun rise in your heart...

Tuesday, November 12, 2013

Adobe has released bug and security updates for Adobe Flash Player for Windows, Macintosh and Linux.

With today's Windows Update, Internet Explorer 10 and 11 in Windows 8 and Windows 8.1 are also updated. Windows RT must obtain the update from Windows Update. Google Chrome will be automatically updated.

If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want. Any pre-checked option is not needed for the Flash Player update.

Uncheck any toolbar offered with Adobe products if not wanted.

If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.

The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

Microsoft released eight (8) bulletins. Three of the bulletins are identified as Critical with the remaining five bulletins rated Important.

The updates address vulnerabilities in Internet Explorer and Microsoft Windows. Please refer to the MSRC Blog post, Authenticity and the November 2013 Security Updates, for additional information about the updates, including the update to EMET and a new policy for CA's (Certificate Authorities).

The update in MS13-090 addresses CVE-2013-3918 which affects an Internet Explorer ActiveX Control which was publicly disclosed.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.

Sunday, November 10, 2013

Whether you call it Veteran's Day, Armistice Day or Remembrance Day, November 11th is a time to put aside politics and pay tribute to all who died for their country. It is also a perfect time to thank the Veterans in whatever country you live in.

As in previous years, I am republishing my friend Canuk's last tribute and adding special thanks to my friends "Phantom Phixer" and "Ghost". The comment he posted provides one example of why he was a special person:

"I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour.

Despite anyone's thoughts of the current conflict in Iraq - opposition or agreement, we must always remember that these brave young men and women are fighting for a cause they also may or may not agree with. The huge difference between them and us is that they are putting their lives on the line 24/7 while we sit in our homes in comfort, using the freedom of speech previous warriors won for us, and for that they deserve our love, respect, and support."

LEST WE FORGET

We Shall Keep the Faithby Moira Michael, November 1918

Oh! you who sleep in Flanders Fields, Sleep sweet - to rise anew! We caught the torch you threw And holding high, we keep the Faith With All who died. We cherish, too, the poppy red That grows on fields where valor led; It seems to signal to the skies That blood of heroes never dies, But lends a lustre to the red Of the flower that blooms above the dead In Flanders Fields. And now the Torch and Poppy Red We wear in honor of our dead. Fear not that ye have died for naught; We'll teach the lesson that ye wrought In Flanders Fields.Flags courtesy of3DFlags.com

Friday, November 08, 2013

The Microsoft Office team has been busy adding new features and improvements to the Microsoft Office Web Apps. Listed below are the changes being made to the Office Web Apps since my April 2013 article, Using Microsoft Office Web Apps. Word App:

A significant improvement is the added ability to find and replace words and phrases. You will now also be able to apply styles and formatting to tables and insert headers and footers.

Excel Web App:

Additions to the Excel Web App include the new ability to drag and drop cells and reorder sheets. A quick analysis of a range of data in the status bar (including sum, count, and average of a selected range of cells) has been added. In addition, there is support for more workbook types online.

PowerPoint Web App:

New
picture cropping functionality has been added to the PowerPoint Web App
and the name of your files can now be changed not only within the editing window of the PowerPoint Web App but also across the other Office Web Apps.

Thursday, November 07, 2013

On Tuesday, November 12, 2013, Microsoft is planning to release eight (8) bulletins. Three of the bulletins are identified as Critical with the remaining five bulletins rated Important.

The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows. The Important updates will be directed to issues in Windows and Office and most of the updates will require a restart.

Security Advisory 2896666

The issues in Security Advisory 2896666 will not be included in the scheduled updates. Although Microsoft has only detected only aware of targeted attacks against Office 2007 on Windows XP, the following additional guidance was provided regarding the affected installations by Dustin Childs in the below-linked MSRC post:

"For Office:

Office 2003 and Office 2007 are affected regardless of the installed operating system. Currently, we are only aware of targeted attacks against Office 2007 users.

Office 2010 is affected only if
installed on Windows XP or Windows Server 2003. Office 2010 is not
affected when installed on Windows Vista or newer systems.

Office 2013 is not affected, regardless of OS platform.

For Windows:

Supported versions of Windows Vista
and Windows Server 2008 ship with the affected component but are not
known to be under active attack.

Other versions of Windows are not
directly impacted. Customers who use these systems are only impacted if
they have an affected version of Office or Lync.

For Lync clients:

All supported versions of Lync client are affected but are not known to be under active attack."

Users of Windows Vista, Windows Server 2008, Lync or the above-described installations of Office are advised to enable the Fix it solution, available from my post here.

Reminder

As happens each month, Microsoft will also release an updated version of
the Microsoft Windows Malicious Software Removal Tool on Windows
Update, Microsoft Update, Windows Server Update Services, and the
Download Center.

Tuesday, November 05, 2013

Microsoft released Security Advisory 2896666 which relates to a vulnerability in the Microsoft Graphics component that affects Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync.

Microsoft is aware of targeted attacks primarily in the Middle East and South Asia that attempt to exploit this vulnerability in Microsoft Office products.

The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images. The vulnerability is exploited either through previewing or opening a specially crafted email message or file. It is also exploited by browsing similarly web content. The attacker could gain the same user rights
as the current user.

Recommendations

Microsoft has made available a Fix it solution which will disable the TIFF codec. Below are the links to both enable and disable the Fix it solution.

One "new" feature that I do not like is that the "find bar" is no longer shared between tabs. As a result, if searching for text on multiple tabs, it is necessary to open it on each tab. As a result, it is necessary to open the find bar manually when searching multiple tabs.

The keyboard shortcut Ctrl + F opens the find bar. Another option is to install an extension that enhances search options. There are two extensions that I am aware of that include the search all tabs function along with additional functionality:

Saturday, October 19, 2013

WinPatrol 29.0.2013.0 was released as a "Power to the People" update, incorporating suggestions by users of WinPatrol.

Clickable Links on Alert Screens

WinPatrol v29 has added new clickable links onthe alert screens. As shown in the image below, in addition to the usual options, the alert
screen now includes the ability to immediately disable the program from
startup, check properties or open the folder. For stubborn programs
that continually add re-add to startup at each update, this is
particularly welcome.

Suppress Continuous Alerts

If, like me, you want to know what changes are made to your computer when installing a new program or Microsoft Updates, you've kept the option to be alerted when changes are made. However, when faced with multiple alerts for the same update, there is a lot of clicking involved to approve the changes.

WinPatrol 29 now includes the default option to suppress additional alerts after your first response.

WinPatrol runs on Windows XP, Windows Vista, Windows 7 and Windows 8, including x64 versions, and can be installed directly over your current WinPatrol.
There is no need to remove your previous version or reactivate WinPatrol PLUS.

Wednesday, October 16, 2013

This is a Critical Patch Update that contains 51 new security fixes for Oracle Java SE. Oracle indicated that fifty (50) of the Java SE vulnerabilities fixed in this Critical patch Update are remotely exploitable without authentication.

Additional details about the update are available in the Oracle Quality Assurance Blog post, referenced below. If Java is still installed on your computer, it is recommended that this update be applied as soon as possible due to the threat posed by a successful attack.

Monday, October 14, 2013

Included with Microsoft Updates on the last Patch Tuesday was KB 2852386, an optional update. This update changes the Disk Cleanup wizard to provide the ability to delete superseded Windows updates in Windows 7 SP1, reducing the space used by the WinSxS ("Windows Side by Side") folder.

Normally, superseded Windows updates can be removed with the installation of a Service Pack. However, since Windows 7 SP1 was released over two years ago, the size of the C:\Windows\Winsxs folder has grown significantly since SP1.

As seen in the image copy of WinSxS Properties on my Windows 7 computer, before running Disk Cleanup, it is a very large folder at over 17 GB with over 73,000 files and 18,000 folders.

Before Disk Cleanup

Important Notes

Disk Cleanup needs to be run as Administrator.

Windows Update Cleanup is checked by default under Clean up system files. If you have had problems with Windows Updates in the past, you may not want to include the Windows Update Cleanup option when running Disk Cleanup.

If you do not see the option for Windows Update Cleanup under Clean up system files, either the wizard did not detect Windows updates that are not needed on the computer or KB 285238 has not been installed yet.

After running the Disk Cleanup wizard, you may not be able to roll back to a superseded update. In that situation, it will be necessary to manually install the superseded update.

The superseded update files will not be removed until the computer is restarted. Windows will configure Windows updates on shutdown and Cleanup on startup. Do not turn off your computer during that process.

Results

Results will vary depending on the Microsoft programs installed on your computer. In my case, with a lot of Microsoft programs installed and fully updated, there is a significant difference. Comparing the before image of WinSxS Properties from my computer with the results after running Disk Cleanup: 14,684 files and 3,507 folders have been superseded since installing SP1. Net gain: 6.9 GB!

After Disk Cleanup

Illustrated screen images of the step-by-step process are available in the TechNet article referenced below.